[OSM-talk] Mailing list security
Tom Hughes
tom at compton.nu
Sat Nov 25 17:01:20 UTC 2017
On 25/11/17 16:45, Colin Smale wrote:
> On 2017-11-25 17:31, Tom Hughes wrote:
>
>> On 25/11/17 15:37, Colin Smale wrote:
>>>
>>>
>>> On 25 November 2017 16:04:45 CET, "Éric Gillet" <gill3t.3ric+osm at gmail.com> wrote:
>>>> Another point: This password is not secure, but what is the worst that
>>>> could happen with it? As long as one doesn't reuse it on other
>>>> applications (as warned during registration), the only action an
>>>> attacker could do would be to unsubscribe you. Not really catastrophic.
>>> ...until it is hacked and thousands of passwords are stolen. If even one of those leads to something serious, I am not sure that saying "I told you so 10 years ago when you signed up" will be enough to absolve the operators of liability.
>>>
>>> I will open a ticket as suggested.
>>
>> There's really not much point - we will upgrade as and when the
>> packages in Ubuntu are upgraded. We're not going to be installing from
>> source.
> In that case I won't bother. I can't help thinking: what a sorry state
> of affairs.
> When you say "we", who are you referring to exactly Tom?

The system administrators that are responsible for running it.

I would also add that most sites are sticking with mailman 2 for now
which is likely why the distros haven't upgraded.

The only site I know of that uses mailman 3 is Fedora and from my
experience of it I would say it's still a bit rough around the edges for
now.

Everybody knows the whole password thing with mailman 2 is not ideal and
is basically a major pain but there are no easy solutions to it.

Tom

--
Tom Hughes (tom at compton.nu)
http://compton.nu/